About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
Role Summary: You are a skilled Cyber Security Architect who enjoys security work and is an expert in application security, product / OT security and Cloud security. In this role, you will be working with product development teams to design secure code and products to support the GE manufacturing core business.
Function as cyber security leader in daily Sprint stand up, and provide ownership for all aspects of security lifecycle in product release
Provide cyber security technical thought leadership, and inject secure coding standards and best practices into daily scrums.
Provide mentoring, and skill set knowledge transfer to scrum team members
Review and modify agile user stories and epics to ensure correct authentication, authorization, and logging
Partner with other Aviation IT & business teams to develop secure technical solutions.
Support MVP’s through “hands on” technical security knowledge, integration, and development/coding
Work with a team of architects and developers, operational leads and functional owners to plan and implement security technical features.
Ability to work in a fast paced, dynamic environment, with shifting priorities; must be comfortable with change and actively driving improvements.
Understand how new technologies impact the current environment
Champion the adoption of new technologies and drive the implementation into the GE environment.
Bachelor's degree in Information Systems, Information Technology (IT), Computer Science or Engineering (or a high school diploma/GED with experience in information systems design, implementation, or integration)
Strong experience in Engineering involving product design, development, or test
Travel – 25% or less
Provides design, installation/development, & configuration of Cyber Security solutions.
Ability to simplify and communicate technical concepts & architecture to non-technical team members.
Experience with application logging integration, and products (Log4J, Logstash, Splunk).
Knowledge of Federated security architecture, flows, and standards (SAML, OpenID_Connect, and JSON_Web-Toke (JWT)).
Integration level knowledge of API Security Architecture, and technologies (OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML)
Hands on experience developing secure RESTful API’s.
Working knowledge of Cloud Provider security architecture design patterns (AWS, CloudFoundry, Azure).
Proficiency in development frameworks (Spring Security, Spring Boot, or AngularJS)
Working knowledge of OWASP Web/API vulnerabilities and compensating controls (CSRF, XSS, SQLI, etc.)
Familiarity with encryption fundamentals: PKI, Encryption, Digital Signatures
, & Key Management
Expert knowledge of HTTP protocol
Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS)
Position requires an individual that is highly organized and self-motivated
Proven ability and desire to learn and adapt to new products quickly and comprehensively
We are in the process of transitioning to an improved job application system and in the interim we are operating with two systems. Have your Job ID ready (from the email you received when you applied) to log in and check your application status.
Click the appropriate button. If you don't know your job ID, you can still check your status: use both buttons.